Expiring the lease makes the mgmt server reach out to the firewall and effectively poke it, and asks it to check in. It may mean that the firewall has an incorrect setting (wrong IP, etc.) for the mgmt server, or something else.
- On the firewall that isn't checking in, search the traffic monitor logs for "dvcp" -- any errors there might shed some light on what the problem is.
- Make sure that the firewall has the correct management server IP in Setup -> Managed Device Settings.
- Make sure that the firewall in front of the management server is allowing the external traffic into the management server. Many admins will change the policy from any-external to a list of their managed firewalls -- this might need to be updated if you've done that.
If you keep running into the issue, opening a support ticket would probably be the next step to fixing it.
Turn on Logging on any policies which you think will allow this access so that you see access attempts in Traffic Monitor.
You can test this access using the SSLVPN client from behind the firewall.
Make sure that the Dynamic NAT settings still have the 3 private supernets and that one of them includes the SSLVPN virtual IP subnet.
In addition to the above, if you'd like to have a look at a running Dimension system with logs running to it, you can do so at https://demo.watchguard.com
If the BOVPN tunnel is from your WG firewall to some other device on the Internet - yes this is possible.
You need to add the SSLVPN virtual subnet to the BOVPN Tunnel settings on each end.
Allow Mobile VPN with SSL Users to use Resources Through a BOVPN Tunnel https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/manual_bovpn_via_sslvpn_c.html
Oops - my error.
From: Any-external is correct.
Change the To: field from Firebox to 22.214.171.124
If you're just managing the one firewall, there really isn't any reason to re-install the management server. You can just use WSM to connect to the firewall directly.
For managed (DVCP) VPNs, it's not configurable. If you need to configure that setting, I'd suggest building the tunnel manually either in Policy Manager or the WebUI.
Maybe, but a new inexpensive consumer grade router / NAT firewall can do so as well.
What software version is on the X15?
There should be a MUVPN option - which is a client VPN.
As this firewall and firmware is so old, I would not recommend doing this.
There may well be modern client VPN incompatibilities and there could be unpatched exposures in the old software on this unit.
The only log servers that we support are:
- WatchGuard Log/Report server, which runs on Windows.
- WatchGuard Dimension, which is a VMware/Hyper-V virtual machine.
You can find more about each here:
(Quick Start — Set Up Logging to a WSM Log Server) https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/setup_logging_task_wsm.html
(Get Started with WatchGuard Dimension) https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/dimension/get-started_dimension_d.html
Some customers have reported success converting a Dimension VMware image over to Linux KVM (https://www.linux-kvm.org/); however, Dimension is only supported on supported versions of VMware and Hyper-V. This means it'd likely work, but if it were to break, you'd be on your own.
Finally, the firewall does support sending log data via syslog, but you'll need to set up your own 3rd party server/service to handle the syslog data stream. You can find more about that here:
(Configure Syslog Server Settings) https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/send_logs_to_syslog_c.html